Ransomware victim disclosure
← All victimsVillefranche-sur-Saône (Rhône) Hospital Center
Claimed by Ryuk · listed 5 years ago
Status timeline
- ListedFeb 15, 2021
- Data leakeddate unknown
At a glance
- Group
- Ryuk
- Status
- Data leaked
- Country
- France
- Sector
- Healthcare
- Listed on leak site
- Feb 15, 2021
About the victim
AI dossier — public-source company profileThe Villefranche-sur-Saône Hospital Center is part of the Hôpitaux Nord-Ouest (HNO) network, a public health system serving the north-west of the Rhône department and the Ain in France. The network operates 5 hospitals, 10 EHPADs (care homes for the elderly), 1 maternity unit, and 1 health training institute, employing over 4,000 professionals and handling approximately 270,000 consultations and 50,000 hospitalizations per year. It provides continuous 24/7 public health services across a broad range of specialties.
- Industry
- Public Hospital & Healthcare Services
- Address
- Nord-ouest du département du Rhône et dans l'Ain, France (centred on Villefranche-sur-Saône)
- Employees
- 4000+
Attack summary
Severity: critical — The victim is a public hospital network handling large volumes of sensitive patient medical data (PHI/PII at scale), the disclosure status is 'data_published' confirming exfiltration and release, and healthcare data is classified as regulated/sensitive data under GDPR and French health privacy law. Operational disruption to critical healthcare infrastructure is also a strong likelihood with Ryuk attacks.The Ryuk ransomware group claims to have attacked the Villefranche-sur-Saône Hospital Center; the disclosure status is listed as 'data_published', indicating that data exfiltration and/or publication has occurred, though no specific data volume or ransom demand was captured in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Staff personnel data
- Administrative hospital records
- Financial records
Sources
- Victim sitehno.fr
Source
Indexed 5 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

